1. The Administrator of your personal data is the Medical University in Warsaw at Żwirki i Wigury Street 61, 02-091 Warsaw. You can contact the Administrator in writing, by traditional mail, to the address of our head office, via e-mail: rektor@wum.edu.pl or by telephone at +48 (22) 57 20 101.

2. The Data Protection Officer (DPO) appointed by the Administrator supervises the correctness of personal data processing. You can contact the Data Protection Officer via traditional mail by writing to the following address: ul. Żwirki i Wigury 61, 02-091 Warsaw, via e-mail: iod@wum.edu.pl or by phone: +48 (22) 57 20 320.

3. The processing of personal data requires a legal basis, which is:

a. Article 6 par. 1 indent b of the GDPR, i.e. personal data are processed appropriately on the basis of an agreement concluded with the MUW (necessity of processing for the performance of the agreement to which you are party, including agreements rendering free electronic services );

b. Article 6 par. 1 indent c of the GDPR, i.e. the necessity to fulfill the legal obligation of the Administrator (eg. storing VAT invoices in order to fulfill fiscal obligations);

c. Article 6 par. 1 indent f of the GDPR i.e. the necessity of processing for purposes resulting from legitimate interests pursued by the Administrator or by a third party in particular, marketing and promotion (eg. direct marketing, investigation and defense in the event of mutual claims);

d. art. 6 par. 1 indent a of the GDPR, i.e. your consent to the processing of your personal data.

4. Your data is processed by us as an Administrator in one or several of the following purposes:

a. performance of the agreement concluded with the MUW (Article 6 ( 1)( b) of the GDPR);

d. establishment, exercise and defense in the event of mutual claims (basis: Article 6 (1) (f) of the GDPR);

e. marketing purposes (basis: Article 6 (1) (f) of the GDPR);

f. analytical purposes (basis: Article 6 (1) (f) of the GDPR);

g. statistical purposes (basis: Article 6 (1) (f) of the GDPR);

h. historical purposes (basis: Article 6 (1) (f) of the GDPR

5. Your personal data will not be processed by automated means, including those based on profiling without your separate consent.

6. The recipients of your personal data are entities contracted by the Administrator to perform activities that involve the data processing (personal data processing entities): IT system operators, payment system operators, SMS system operators, email marketing system operators, payment operators, law offices, accounting and auditing companies.

7. Your personal data is not transferred to third countries, ie. outside the European Economic Area (EEA), or international organizations.

8. Personal data will be processed for the period necessary to achieve the objectives mentioned in Article 4 eg. until the end of the service, and after this period until the time of prescription of possible claims or until the obligation to store data resulting from legal provisions expires.

9. With regard to the processing of your personal data, you have the right to:

a. access personal data;

b. correct personal data;

c. delete personal data;

d. limit the processing of personal data;

e. appeal against the processing of personal data;

f. transfer personal data;

g. lodge a complaint to the supervisory body.

10. If the processing of your data takes place on the basis of your consent, you have the right to withdraw your consent at any time without affecting the legality of the processing, which was made on the basis of consent before its withdrawal.

11. Providing data is voluntary, but necessary to achieve the objectives for which they are collected.

12. If we process your personal data on the basis of the justified interests of the Administrator (e.g. for marketing purposes), we will no longer process them for the purposes indicated, if you appeal against such processing. You have the right at any time, to submit a free appeal to the processing of your personal data, if: (1) the processing of your personal data is based on a legitimate interest or for statistical purposes, and the appeal is justified by the exceptional situation (2) your personal data are processed for direct marketing purposes, including profiling, to the extent that the processing is related to such direct marketing. You can submit an appeal by writing to the e-mail address: iod@wum.edu.pl.

13. More information about exercising your rights described in paragraph 9, you can obtain by contacting the Administrator or the Data Protection Officer in the manner specified in paragraph 1 and 2.

14. The Administrator uses best efforts to ensure all means of physical, technical and organizational protection of personal data against their accidental or deliberate destruction, loss, alteration, unauthorized disclosure, use or access, in accordance with all applicable regulations.